Merge in initial numbered parameters patch from Phoenix, thanks :)

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11087 e03df62e-2008-0410-955e-edbf42e46eb7
author: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-02-11 23:35:42 +0000
committer: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-02-11 23:35:42 +0000
commit: 4ed72f3744b1f78251d66c9556695f6328a3bee0 (patch)
tree: 20d4a6c1b75a5fa74acfb480ed245eb73a381047 /src
parent: de594096be57d93e252dccea445ebe08834817fd (diff)
4 files changed, 317 insertions, 30 deletions
diff --git a/src/modules/extra/m_mssql.cpp b/src/modules/extra/m_mssql.cpp
index 321a11ed2..65f86e9ac 100644
--- a/src/modules/extra/m_mssql.cpp
+++ b/src/modules/extra/m_mssql.cpp
@@ -34,6 +34,19 @@ class ModuleMsSQL;
 typedef std::map<std::string, SQLConn*> ConnMap;
 typedef std::deque<MsSQLResult*> ResultQueue;
 
+unsigned long count(const char * const str, char a)
+{
+	unsigned long n = 0;
+	const char *p = reinterpret_cast<const char *>(str);
+
+	while ((p = strchr(p, a)) != NULL)
+	{
+		++p;
+		++n;
+	}
+	return n;
+}
+
 ResultNotifier* notifier = NULL;
 MsSQLListener* listener = NULL;
 int QueueFD = -1;
@@ -346,30 +359,101 @@ class SQLConn : public classbase
 		char* queryend;
 
 		/* Total length of the unescaped parameters */
-		unsigned long paramlen;
+		unsigned long maxparamlen, paramcount;
 
 		/* Total length of query, used for binary-safety */
 		unsigned long querylength = 0;
 
-		paramlen = 0;
+		/* The length of the longest parameter */
+		maxparamlen = 0;
+
 		for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++)
 		{
-			paramlen += i->size();
+			if (i->size() > maxparamlen)
+				maxparamlen = i->size();
 		}
 
+		/* How many params are there in the query? */
+		paramcount = count(req.query.q.c_str(), '?');
+
+		/* This stores copy of params to be inserted with using numbered params 1;3B*/
+		ParamL paramscopy(req.query.p);
+
 		/* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
-		 * sizeofquery + (totalparamlength*2) + 1
+		 * sizeofquery + (maxtotalparamlength*2) + 1
 		 *
 		 * The +1 is for null-terminating the string
 		 */
-		query = new char[req.query.q.length() + (paramlen*2) + 1];
+
+		query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1];
 		queryend = query;
 
 		for(unsigned long i = 0; i < req.query.q.length(); i++)
 		{
 			if(req.query.q[i] == '?')
 			{
-				if(req.query.p.size())
+				/* We found a place to substitute..what fun.
+				 * use mssql calls to escape and write the
+				 * escaped string onto the end of our query buffer,
+				 * then we "just" need to make sure queryend is
+				 * pointing at the right place.
+				 */
+
+				/* Is it numbered parameter?
+				 */
+
+				bool numbered;
+				numbered = false;
+
+				/* Numbered parameter number :|
+				 */
+				unsigned int paramnum;
+				paramnum = 0;
+
+				/* Let's check if it's a numbered param. And also calculate it's number.
+				 */
+
+				while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
+				{
+					numbered = true;
+					++i;
+					paramnum = paramnum * 10 + req.query.q[i] - '0';
+				}
+
+				if (paramnum > paramscopy.size() - 1)
+				{
+					/* index is out of range!
+					 */
+					numbered = false;
+				}
+
+				if (numbered)
+				{
+					/* Custom escaping for this one. converting ' to '' should make SQL Server happy. Ugly but fast :]
+					 */
+					char* escaped = new char[(paramscopy[paramnum].length() * 2) + 1];
+					char* escend = escaped;
+					for (std::string::iterator p = paramscopy[paramnum].begin(); p < paramscopy[paramnum].end(); p++)
+					{
+						if (*p == '\'')
+						{
+							*escend = *p;
+							escend++;
+							*escend = *p;
+						}
+						*escend = *p;
+						escend++;
+					}
+					*escend = 0;
+
+					for (char* n = escaped; *n; n++)
+					{
+						*queryend = *n;
+						queryend++;
+					}
+					delete[] escaped;
+				}
+				else if (req.query.p.size())
 				{
 					/* Custom escaping for this one. converting ' to '' should make SQL Server happy. Ugly but fast :]
 					 */
diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp
index 77e28eb99..339f13309 100644
--- a/src/modules/extra/m_mysql.cpp
+++ b/src/modules/extra/m_mysql.cpp
@@ -74,6 +74,20 @@ int QueueFD = -1;
 
 class DispatcherThread;
 
+unsigned long count(const char * const str, char a)
+{
+	unsigned long n = 0;
+	const char *p = reinterpret_cast<const char *>(str);
+
+	while ((p = strchr(p, a)) != NULL)
+	{
+		++p;
+		++n;
+	}
+	return n;
+}
+
+
 /** MySQL module
  *  */
 class ModuleSQL : public Module
@@ -346,25 +360,33 @@ class SQLConnection : public classbase
 		char* queryend;
 
 		/* Total length of the unescaped parameters */
-		unsigned long paramlen;
+		unsigned long maxparamlen, paramcount;
 
 		/* Total length of query, used for binary-safety in mysql_real_query */
 		unsigned long querylength = 0;
 
-		paramlen = 0;
+		/* The length of the longest parameter */
+		maxparamlen = 0;
 
 		for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++)
 		{
-			paramlen += i->size();
+			if (i->size() > maxparamlen)
+				maxparamlen = i->size();
 		}
 
+		/* How many params are there in the query? */
+		paramcount = count(req.query.q.c_str(), '?');
+
+		/* This stores copy of params to be inserted with using numbered params 1;3B*/
+		ParamL paramscopy(req.query.p);
+
 		/* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
-		 * sizeofquery + (totalparamlength*2) + 1
+		 * sizeofquery + (maxtotalparamlength*2) + 1
 		 *
 		 * The +1 is for null-terminating the string for mysql_real_escape_string
 		 */
 
-		query = new char[req.query.q.length() + (paramlen*2) + 1];
+		query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1];
 		queryend = query;
 
 		/* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting
@@ -381,7 +403,42 @@ class SQLConnection : public classbase
 				 * then we "just" need to make sure queryend is
 				 * pointing at the right place.
 				 */
-				if(req.query.p.size())
+
+				/* Is it numbered parameter?
+				 */
+
+				bool numbered;
+				numbered = false;
+
+				/* Numbered parameter number :|
+				 */
+				unsigned int paramnum;
+				paramnum = 0;
+
+				/* Let's check if it's a numbered param. And also calculate it's number.
+				 */
+
+				while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
+				{
+					numbered = true;
+					++i;
+					paramnum = paramnum * 10 + req.query.q[i] - '0';
+				}
+
+				if (paramnum > paramscopy.size() - 1)
+				{
+					/* index is out of range!
+					 */
+					numbered = false;
+				}
+
+				if (numbered)
+				{
+					unsigned long len = mysql_real_escape_string(&connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
+
+					queryend += len;
+				}
+				else if (req.query.p.size())
 				{
 					unsigned long len = mysql_real_escape_string(&connection, queryend, req.query.p.front().c_str(), req.query.p.front().length());
 
@@ -445,7 +502,8 @@ class SQLConnection : public classbase
 
 	bool ConnectionLost()
 	{
-		if (&connection) {
+		if (&connection)
+		{
 			return (mysql_ping(&connection) != 0);
 		}
 		else return false;
@@ -453,7 +511,8 @@ class SQLConnection : public classbase
 
 	bool CheckConnection()
 	{
-		if (ConnectionLost()) {
+		if (ConnectionLost())
+		{
 			return Connect();
 		}
 		else return true;
@@ -723,7 +782,8 @@ class MySQLListener : public ListenSocketBase
 
 	virtual void OnAcceptReady(const std::string &ipconnectedto, int nfd, const std::string &incomingip)
 	{
-		new Notifier(this->Parent, this->ServerInstance, nfd, (char *)ipconnectedto.c_str()); // XXX unsafe casts suck
+		// XXX unsafe casts suck
+		new Notifier(this->Parent, this->ServerInstance, nfd, (char *)ipconnectedto.c_str());
 	}
 
 	/* Using getsockname and ntohs, we can determine which port number we were allocated */
@@ -933,5 +993,5 @@ void DispatcherThread::Run()
 	}
 }
 
-MODULE_INIT(ModuleSQL)
 
+MODULE_INIT(ModuleSQL)
diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp
index 2c586e1b3..0484646df 100644
--- a/src/modules/extra/m_pgsql.cpp
+++ b/src/modules/extra/m_pgsql.cpp
@@ -44,6 +44,19 @@ typedef std::map<std::string, SQLConn*> ConnMap;
  */
 enum SQLstatus { CREAD, CWRITE, WREAD, WWRITE, RREAD, RWRITE };
 
+unsigned long count(const char * const str, char a)
+{
+	unsigned long n = 0;
+	const char *p = reinterpret_cast<const char *>(str);
+
+	while ((p = strchr(p, a)) != NULL)
+	{
+		++p;
+		++n;
+	}
+	return n;
+}
+
 /** SQLhost::GetDSN() - Overload to return correct DSN for PostgreSQL
  */
 std::string SQLhost::GetDSN()
@@ -466,7 +479,8 @@ class SQLConn : public EventHandler
 						case PGRES_FATAL_ERROR:
 							reply.error.Id(SQL_QREPLY_FAIL);
 							reply.error.Str(PQresultErrorMessage(result));
-						default:;
+						default:
+							;
 							/* No action, other values are not errors */
 					}
 
@@ -571,23 +585,35 @@ class SQLConn : public EventHandler
 				char* query;
 				/* Pointer to the current end of query, where we append new stuff */
 				char* queryend;
+
 				/* Total length of the unescaped parameters */
-				unsigned int paramlen;
+				unsigned long maxparamlen, paramcount;
+
+				/* Total length of query, used for binary-safety */
+				unsigned long querylength = 0;
 
-				paramlen = 0;
+				/* The length of the longest parameter */
+				maxparamlen = 0;
 
 				for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++)
 				{
-					paramlen += i->size();
+					if (i->size() > maxparamlen)
+						maxparamlen = i->size();
 				}
 
+				/* How many params are there in the query? */
+				paramcount = count(req.query.q.c_str(), '?');
+
+				/* This stores copy of params to be inserted with using numbered params 1;3B*/
+				ParamL paramscopy(req.query.p);
+
 				/* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
-				 * sizeofquery + (totalparamlength*2) + 1
+				 * sizeofquery + (maxtotalparamlength*2) + 1
 				 *
 				 * The +1 is for null-terminating the string for PQsendQuery()
 				 */
 
-				query = new char[req.query.q.length() + (paramlen*2) + 1];
+				query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1];
 				queryend = query;
 
 				/* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting
@@ -605,7 +631,53 @@ class SQLConn : public EventHandler
 						 * pointing at the right place.
 						 */
 
-						if(req.query.p.size())
+						/* Is it numbered parameter?
+						 */
+
+						bool numbered;
+						numbered = false;
+
+						/* Numbered parameter number :|
+						 */
+						unsigned int paramnum;
+						paramnum = 0;
+
+						/* Let's check if it's a numbered param. And also calculate it's number.
+						 */
+
+						while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
+						{
+							numbered = true;
+							++i;
+							paramnum = paramnum * 10 + req.query.q[i] - '0';
+						}
+
+						if (paramnum > paramscopy.size() - 1)
+						{
+							/* index is out of range!
+							 */
+							numbered = false;
+						}
+
+						if (numbered)
+						{
+							int error = 0;
+							size_t len = 0;
+
+#ifdef PGSQL_HAS_ESCAPECONN
+							len = PQescapeStringConn(sql, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length(), &error);
+#else
+							len = PQescapeString         (queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
+#endif
+							if (error)
+							{
+								ServerInstance->Logs->Log("m_pgsql", DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do...");
+							}
+
+							/* Incremenet queryend to the end of the newly escaped parameter */
+							queryend += len;
+						}
+						else if (req.query.p.size())
 						{
 							int error = 0;
 							size_t len = 0;
@@ -685,7 +757,8 @@ class SQLConn : public EventHandler
 		return confhost;
 	}
 
-	void Close() {
+	void Close()
+	{
 		if (!this->ServerInstance->SE->DelFd(this))
 		{
 			if (sql && PQstatus(sql) == CONNECTION_BAD)
diff --git a/src/modules/extra/m_sqlite3.cpp b/src/modules/extra/m_sqlite3.cpp
index e300d29ae..d174ce8aa 100644
--- a/src/modules/extra/m_sqlite3.cpp
+++ b/src/modules/extra/m_sqlite3.cpp
@@ -31,6 +31,19 @@ typedef std::map<std::string, SQLConn*> ConnMap;
 typedef std::deque<classbase*> paramlist;
 typedef std::deque<SQLite3Result*> ResultQueue;
 
+unsigned long count(const char * const str, char a)
+{
+	unsigned long n = 0;
+	const char *p = reinterpret_cast<const char *>(str);
+
+	while ((p = strchr(p, a)) != NULL)
+	{
+		++p;
+		++n;
+	}
+	return n;
+}
+
 ResultNotifier* notifier = NULL;
 SQLiteListener* listener = NULL;
 int QueueFD = -1;
@@ -293,30 +306,87 @@ class SQLConn : public classbase
 		char* queryend;
 
 		/* Total length of the unescaped parameters */
-		unsigned long paramlen;
+		unsigned long maxparamlen, paramcount;
 
 		/* Total length of query, used for binary-safety */
 		unsigned long querylength = 0;
 
-		paramlen = 0;
+		/* The length of the longest parameter */
+		maxparamlen = 0;
+
 		for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++)
 		{
-			paramlen += i->size();
+			if (i->size() > maxparamlen)
+				maxparamlen = i->size();
 		}
 
+		/* How many params are there in the query? */
+		paramcount = count(req.query.q.c_str(), '?');
+
+		/* This stores copy of params to be inserted with using numbered params 1;3B*/
+		ParamL paramscopy(req.query.p);
+
 		/* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
-		 * sizeofquery + (totalparamlength*2) + 1
+		 * sizeofquery + (maxtotalparamlength*2) + 1
 		 *
 		 * The +1 is for null-terminating the string
 		 */
-		query = new char[req.query.q.length() + (paramlen*2) + 1];
+
+		query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1];
 		queryend = query;
 
 		for(unsigned long i = 0; i < req.query.q.length(); i++)
 		{
 			if(req.query.q[i] == '?')
 			{
-				if(req.query.p.size())
+				/* We found a place to substitute..what fun.
+				 * use sqlite calls to escape and write the
+				 * escaped string onto the end of our query buffer,
+				 * then we "just" need to make sure queryend is
+				 * pointing at the right place.
+				 */
+
+				/* Is it numbered parameter?
+				 */
+
+				bool numbered;
+				numbered = false;
+
+				/* Numbered parameter number :|
+				 */
+				unsigned int paramnum;
+				paramnum = 0;
+
+				/* Let's check if it's a numbered param. And also calculate it's number.
+				 */
+
+				while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
+				{
+					numbered = true;
+					++i;
+					paramnum = paramnum * 10 + req.query.q[i] - '0';
+				}
+
+				if (paramnum > paramscopy.size() - 1)
+				{
+					/* index is out of range!
+					 */
+					numbered = false;
+				}
+
+
+				if (numbered)
+				{
+					char* escaped;
+					escaped = sqlite3_mprintf("%q", paramscopy[paramnum].c_str());
+					for (char* n = escaped; *n; n++)
+					{
+						*queryend = *n;
+						queryend++;
+					}
+					sqlite3_free(escaped);
+				}
+				else if (req.query.p.size())
 				{
 					char* escaped;
 					escaped = sqlite3_mprintf("%q", req.query.p.front().c_str());
author	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-02-11 23:35:42 +0000
committer	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-02-11 23:35:42 +0000
commit	4ed72f3744b1f78251d66c9556695f6328a3bee0 (patch)
tree	20d4a6c1b75a5fa74acfb480ed245eb73a381047 /src
parent	de594096be57d93e252dccea445ebe08834817fd (diff)